RSAC 2026 features hundreds of sessions across tracks, villages, and programs. But as always, the conference’s core narrative is shaped by a much smaller, curated set of keynotes. While the Main Stage is dominated by solo, vision-setting talks, the most substantive multi-speaker discussions emerge at the YBCA Theater.

Together, these panels and keynotes reveal what cybersecurity leaders believe will define the next phase of the industry; from AI governance and offensive cyber to cryptography’s post-quantum future. The following sessions stand out as the conversations most worth watching.

 

1. The Cryptographers’ Panel (YBCA Theater)

Format: Panel

What it’s really about:
 This panel looks at how the foundations of cybersecurity are being tested by two overlapping forces: the fast adoption of AI-driven systems and the long-term effects of quantum computing. Instead of focusing on specific tools, the discussion will consider how cryptographic assumptions may need to change in a world that increasingly relies on intelligent and autonomous technologies.

Why it matters now:
As organizations speed up AI deployment and start to prepare for post-quantum security, cryptography is at the heart of long-term risk. Decisions made today about data protection, trust models, and cryptographic design will impact security outcomes for years. This session presents a research-based view on which cryptographic challenges need immediate attention and which may be overlooked.

Who’s on stage:
 A panel of leading academic and industry cryptographers, including Cynthia Dwork, Adi Shamir, Whitfield Diffie, and Paul Kocher.

 

2. Inside Offensive Cyber: Lessons from Four NSA Directors (YBCA Theater)

Format: Panel

What it’s really about:

This panel looks at the ongoing debate over offensive cyber operations as calls for private-sector “hack-back” increase. Drawing on experience from national security and industry, the discussion focuses on where offensive cyber has typically fit in, how the threat landscape is changing, and what risks come up when offensive capabilities move beyond the state.

Why it matters now:
As cyber operations get faster, more automated, and more connected to geopolitics, the line between defense and offense is becoming increasingly unclear. Questions about escalation, accountability, and unintended consequences are no longer just theoretical. This session offers a practical view on whether offensive cyber activity outside government structures is realistic or dangerous and what safeguards might be needed as the pressure to act more aggressively against adversaries rises.

Who’s on stage:
 Former NSA and U.S. Cyber Command leaders Paul Nakasone, Keith Alexander, Tim Haugh, and Mike Rogers, alongside cybersecurity investor Ted Schlein of Ballistic Ventures.

 

3. CISOs Unchained III (YBCA Theater)

Format: Panel

What it’s really about:
This session brings together experienced former CISOs to discuss how the role has changed and why it remains one of the most complex positions in a company. Rather than focusing on tools or frameworks, the conversation centers on leadership, decision-making, and managing competing expectations across business, technology, and risk.

Why it matters now:
As CISOs face more accountability for outcomes they cannot fully control, clear understanding of responsibility, authority, and success metrics is becoming essential. This panel gives an honest look at what the role demands today, what has changed over the past decade, and where many organizations still make mistakes.

Who’s on stage:
 Former long-tenured CISOs Roland Cloutier, Phil Venables, and Charles Blauner, sharing perspectives shaped by years in senior security leadership roles.

 

4. The Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders (Main Stage)

Format: Panel

What it’s really about:
 This annual SANS panel looks at new attack techniques that defenders are likely to see soon. The discussion draws on insights from research, incident response, and training. It focuses on how attackers change their methods and which techniques work best in real-world situations.

Why it matters now:
As attack tools become easier to access and automation speeds up, defenders face more pressure to focus on the right risks. This session cuts through the distractions by highlighting attack techniques that often cause the most harm. It offers useful insights on where defensive efforts and resources should be aimed.

Who’s on stage:
 Senior SANS researchers and instructors, including Joshua Wright, Rob T. Lee, Ed Skoudis, and Heather Barnhart, sharing practitioner-driven perspectives.

 

5. AI: Our Collective Opportunity (Main Stage)

Format: Keynote

What it’s really about:
 This keynote frames AI as a force reshaping both offense and defense, with cybersecurity leaders increasingly expected to influence how AI is developed, deployed, and governed. Rather than focusing on specific technologies, the session looks at AI as a shared responsibility across security, policy, and business.

Why it matters now:
 As organizations race to adopt AI, security decisions are being made faster than governance models can mature. This session signals RSAC’s broader position that AI risk cannot be treated as a purely technical problem, and that coordination across industry and policy will determine whether AI strengthens trust or amplifies systemic risk.

Who’s on stage:
 RSAC Conference Program Chair Hugh Thompson, outlining how the conference views AI’s role in shaping the future of cybersecurity.

 

6. Activate Industry! Moving Beyond Defense to Disruption and Active Defense (Main Stage)

Format: Keynote

What it’s really about:
 This keynote argues that traditional, reactive security models are struggling to keep pace with increasingly automated and AI-driven threats. It explores how intelligence-led approaches and coordinated disruption efforts can reduce adversary effectiveness, moving beyond information sharing toward more proactive intervention.

Why it matters now:
 As attackers scale operations using automation and AI, defenders face pressure to do more than detect and respond. The idea of “active defense” remains controversial, particularly around scope and accountability, making this session a signal of how large organizations are thinking about pushing back against threat actors without crossing legal or ethical boundaries.

Who’s on stage:
 Sandra Joyce, Vice President of Google Threat Intelligence, sharing perspectives from large-scale threat disruption efforts in the private sector.

 

7. The Responsibility Gap: AI and the Shift to True Security Accountability (Main Stage)

Format: Keynote

What it’s really about:
 This keynote focuses on how rapid AI adoption has outpaced clarity around ownership and accountability. As AI systems are introduced across products, infrastructure, and operations, responsibility for risk management is often fragmented across teams, creating gaps that traditional security models are not designed to address.

Why it matters now:
 As regulators, boards, and executives increasingly scrutinize AI-driven risk, unclear accountability is becoming a liability in itself. This session highlights the need for governance structures that clearly define ownership, oversight, and decision-making for AI security before organizational blind spots turn into systemic risk.

Who’s on stage:
 Stephen Vintz, Co-CEO of Tenable, discussing AI security accountability from an executive and governance perspective.

 

8. AI vs. AI: How to Reshape Defense Faster than Attackers Reshape Offense (Main Stage)

Format: Keynote

What it’s really about:
 This keynote focuses on how cyber conflict is increasingly moving toward interactions between machines. Attackers use AI to quickly probe, adapt, and exploit systems. Instead of concentrating on individual users, the discussion highlights how AI-driven environments create new exposure points, especially in complex and interconnected infrastructure.

Why it matters now:
Defenders use AI to handle scale and complexity, and attackers are doing the same. This leads to a new arms race where response speed, visibility, and design choices become more important than individual controls. The session explains why defensive strategies must change to work at machine speed, particularly in environments that support critical services.

Who’s on stage:
 Nadir Izrael, CTO and Co-Founder of Armis, discussing AI-driven threats and defensive adaptation.

 

How These Sessions Frame the Conference

These panels and keynotes show a clear change in how cybersecurity leaders view risk and responsibility in 2026. The focus has shifted from just detection and response to governance, accountability, and how power works in AI-driven systems.

While the Main Stage keynotes set the strategic direction by framing AI, active defense, and executive accountability as key challenges, the most candid and detailed discussions occur in panel settings, especially at the YBCA Theater. These sessions reveal the tensions the industry is still addressing, from offensive cyber boundaries to the long-term effects of post-quantum security.

For attendees and observers, these conversations provide a clear look at what RSAC 2026 is truly about. It’s not just new technologies; it’s also the decisions, trade-offs, and responsibilities that will shape the next phase of cybersecurity.